Dan Thanks for the reply. I ran a tshark and saw some unknown service principal errors. Not sure how I missed that but our DDNS does not put a PTR record for the hosts. After specifying my host as fully qualified the ldapsearch works with GSSAPI to my OpenLDAP server.
The FDS server is another story but I guess that has nothing to do with SASL since it works to OpenLDAP. Now I just need to get my authzid right for my SASL mappings in FDS.. Thanks again -----Original Message----- From: Dan White [mailto:dwh...@olp.net] Sent: Tuesday, February 24, 2009 1:08 PM To: Chavez, James R. Cc: cyrus-sasl@lists.andrew.cmu.edu Subject: Re: FDS and Cyrus SASL Chavez, James R. wrote: > Hello List, > I am having an issue getting SASL gssapi going between my Fedora > Directory LDAP servers and LDAP clients I have configured OpenLDAP > with SASL gssapi and it works great. However I am havving issues when > I run an ldapsearch or ldapwhoami on my clients. > > ... > Is there something I can do to trace SASL gssapi errors? Or to debug > the transfer between the client and server. I ran a tcpdump but did > not find > > much there. > James, See: http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/OpenLdapSaslGssapi - Dan CONFIDENTIALITY This e-mail message and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail message, you are hereby notified that any dissemination, distribution or copying of this e-mail message, and any attachments thereto, is strictly prohibited. If you have received this e-mail message in error, please immediately notify the sender and permanently delete the original and any copies of this email and any prints thereof. ABSENT AN EXPRESS STATEMENT TO THE CONTRARY HEREINABOVE, THIS E-MAIL IS NOT INTENDED AS A SUBSTITUTE FOR A WRITING. Notwithstanding the Uniform Electronic Transactions Act or the applicability of any other law of similar substance and effect, absent an express statement to the contrary hereinabove, this e-mail message its contents, and any attachments hereto are not intended to represent an offer or acceptance to enter into a contract and are not otherwise intended to bind the sender, Sanmina-SCI Corporation (or any of its subsidiaries), or any other person or entity.
